On 4/28/20, 12:38 PM, "Norman Gray" wrote:

Jason, hello.

On 28 Apr 2020, at 17:30, Dana, Jason T. wrote:

> I am trying to configure pam and/or nslcd to query an AD/LDAP server
> when a user accesses a system via SSH using public key authentication.
>
> I have successfully configured nslcd to query the AD/LDAP server and
> filter on a specific group. Unfortunately it does not appear to apply
> if the user is accessing the system using public key authentication. I
> have attempted a number of different sshd pam configuration changes
> and have added a pam_authz_search entry to nslcd.conf, but
> unfortunately none appear to be getting used.

The way I've set this up is by storing the public key in the LDAP
database, and using the sshd_config AuthorizedKeysCommand to do a lookup
by username. That ignores any key in ~/.ssh/authorized_keys.

Is that what you're aiming for? I can add further details if so.

Note that that doesn't involve PAM at all (IIRC) -- it's the ssh daemon
that does the lookup and checks the key.

Thank you for the reply, Norman!

I have been looking into this option as well, but so far it is not looking like
my company will support adding public keys to the user's AD accounts.

Jason
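Norman's AuthorizedKeysCommand approach, written out as an added example (this is not Norman's script and not part of nss-pam-ldapd). It assumes a few things the thread does not state: the key is held in an attribute called sshPublicKey, the directory is reachable at ldaps://ldap.example.org under the base ou=People,dc=example,dc=org, and the script is installed as /usr/local/sbin/ldap-authorized-keys. The sshd_config lines in the header comment are the part that makes sshd consult the directory instead of PAM; the LDIF parser below is what turns ldapsearch output into the one-key-per-line format sshd expects, including folded and base64-encoded values, which ldapsearch emits for long or non-ASCII values.

```shell
#!/bin/sh
# Added example of Norman's approach: sshd asks this script for a user's keys
# instead of reading ~/.ssh/authorized_keys. Not code from the thread or from
# nss-pam-ldapd. Assumed (hypothetical) names: the sshPublicKey attribute,
# the ldaps://ldap.example.org server and the ou=People,dc=example,dc=org base.
#
# sshd_config (assumed snippet):
#   AuthorizedKeysCommand /usr/local/sbin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
#   AuthorizedKeysFile none        # so local authorized_keys files are ignored

LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"
LDAP_BASE="${LDAP_BASE:-ou=People,dc=example,dc=org}"

# sshd passes %u verbatim; refuse anything that could change the LDAP filter.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one LDIF attribute line as a key. LDIF writes values that are not
# safe ASCII as "attr:: <base64>", so decode that form.
emit_key() {
    case "$1" in
        "sshPublicKey:: "*) printf '%s' "${1#sshPublicKey:: }" | base64 -d; printf '\n' ;;
        "sshPublicKey: "*)  printf '%s\n' "${1#sshPublicKey: }" ;;
    esac
}

# Read LDIF on stdin, unfold continuation lines (a leading space continues the
# previous line), and print every sshPublicKey value, one per line.
extract_keys() {
    prev=''
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ' '*) prev="$prev${line# }" ;;
            *)    emit_key "$prev"; prev="$line" ;;
        esac
    done
    emit_key "$prev"
}

# Count the keys a given LDIF carries (useful for monitoring: a user with no
# key in the directory cannot log in with a key at all).
count_keys() {
    extract_keys | grep -c .
}

# What sshd actually runs: look the user up in the directory and print keys.
lookup_keys() {
    valid_username "$1" || return 1
    ldapsearch -LLL -x -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey | extract_keys
}

# Constructed sample of what ldapsearch -LLL returns: a plain value, a folded
# value and a base64 value (the base64 is built here rather than typed in).
SAMPLE_LDIF="$(printf '%s\n' \
    'dn: uid=jdoe,ou=People,dc=example,dc=org' \
    'uid: jdoe' \
    'sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne jdoe@laptop' \
    'sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA' \
    ' IExampleKeyTwo jdoe@desktop' \
    "sshPublicKey:: $(printf '%s' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyThree jdoe@phone' | base64 | tr -d '\n')")"

# Run as a script: serve sshd if a username was given, otherwise demonstrate
# the parser on the constructed sample.
if [ "$#" -gt 0 ]; then
    lookup_keys "$1"
else
    printf '%s\n' "$SAMPLE_LDIF" | extract_keys
fi
```

sshd only accepts an AuthorizedKeysCommand that is owned by root and not writable by group or others, and runs it as the AuthorizedKeysCommandUser, so the directory bind here is anonymous (or should use a read-only service account); the username check matters because sshd substitutes %u straight into the command line and the script substitutes it into an LDAP filter. Setting AuthorizedKeysFile to none is what makes the directory the sole source of keys, which is the "ignores any key in ~/.ssh/authorized_keys" behaviour Norman describes.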

This archive was generated using mhonarc on Mon Jun 01 04:04:34 2020.